Overview

overview

10

Static

static

3

effects494.exe

windows7-x64

10

effects494.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    effects494.exe

  • Size

    1.0MB

  • Sample

    230522-mvs94saf6s

  • MD5

    ca0fed32ad77a35c6cbf1c59ced65405

  • SHA1

    7c3ba70a30b3e29a35eff475bce4c5aef30ff625

  • SHA256

    902e82e50d085ff6f90c85a8256b3f3e28949e6d0d5bbd6f3caffdb896ce68e4

  • SHA512

    76335302c2b58364750827cb86b54583cf6991bb3ef37041918839cfc557edf86e1c64a2bb8ee8cae859d016c6c5a9a498a267130036ac0beda69e2c352627c8

  • SSDEEP

    12288:6Mrzy90mXWGZwMmiCPwWOKkdaVRqV4CFhoZrkN+nsxhKnVcOgn4FxfO+FSMul6:ByxXQMnCPwLKq+c4kg+KVQ4Fxm+kP6

Score
10/10
redlinedizaevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

diza

C2

185.161.248.37:4138

Attributes
  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee

Targets

    • Target

      effects494.exe

    • Size

      1.0MB

    • MD5

      ca0fed32ad77a35c6cbf1c59ced65405

    • SHA1

      7c3ba70a30b3e29a35eff475bce4c5aef30ff625

    • SHA256

      902e82e50d085ff6f90c85a8256b3f3e28949e6d0d5bbd6f3caffdb896ce68e4

    • SHA512

      76335302c2b58364750827cb86b54583cf6991bb3ef37041918839cfc557edf86e1c64a2bb8ee8cae859d016c6c5a9a498a267130036ac0beda69e2c352627c8

    • SSDEEP

      12288:6Mrzy90mXWGZwMmiCPwWOKkdaVRqV4CFhoZrkN+nsxhKnVcOgn4FxfO+FSMul6:ByxXQMnCPwLKq+c4kg+KVQ4Fxm+kP6

    Score
    10/10
    redlinedizaevasioninfostealerpersistencetrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks